Crosscomm/Olicom routers have a undocumented community string ILMI
(yes, the same as in cisco :) that has read and write permissions (i
didn't check the whole tree, but you can set system.sysContact.0 for
example). This was checked on a XLT-F router with software 'XL 80 IM
Version 5.5 Build Level 2' (this was what it reported via snmp).
The vendor hasn't been notified, as it doesn't exist (olicom sold their
router business to Intel, don't know what happened to it later).
You can consider this a serious vulnerability, because people will find it
while looking for vulnerable cisco routers.
Jacek Lipkowski
